<?php session_start();
include "functions.php";
include 'statics.php';
if (isset($_SESSION['lang']))
    require_once "./language_files/add_coauthor_" . $_SESSION['lang'] . ".php";
else
    require_once "./language_files/add_coauthor_en.php";
$main_id = $_SESSION['member_id'];
$main_email = $_SESSION['email'];
if (isset($_POST['email']) && $_POST['email'] != null && isset($_POST['Fname']) && $_POST['Fname'] != NULL
        && isset($_POST['confID']) && isset($_POST['paper']) && isset($_POST['Lname']) && $_POST['Lname'] != NULL) {
    $Fname = mysql_safe($_POST['Fname']);
    $Lname = mysql_safe($_POST['Lname']);
    $email = mysql_safe($_POST['email']);
    $confID = mysql_safe($_POST['confID']);
    $paper_id = mysql_safe($_POST['paper']);
    $query = mysql_query("SELECT id FROM co_authors WHERE author_email = '$email'
             AND paper_id = $paper_id") or die(mysql_error());
    if (mysql_num_rows($query) > 0 || $email == $main_email) {
        echo $lang['message_1'];
    } else {
        $user = mysql_query("SELECT DISTINCT member_id, email FROM member WHERE email = '$email'") or die(mysql_error());
        if (mysql_num_rows($user) == 1) {
            while ($row = mysql_fetch_assoc($user)) {
                $id = $row['member_id'];
            }
            $check_if_author = mysql_query("SELECT member_id FROM member_privileges WHERE
                    member_id ='$id' AND conference_id='$confID' AND privileges_id= '3'") or die(mysql_error());
            if (mysql_num_rows($check_if_author) == 1) {

                $add_to_coauthors = mysql_query("INSERT INTO co_authors (paper_id, author_email)
                            VALUES ($paper_id, '$email')
                           ") or die(mysql_error());
                $message = 'You have been added as co author to paper, check My Conferences in the menu for more information';
                mysql_query("INSERT INTO messages (message, subject, date_sent) VALUES ('$message',
                            'You have been added as Co author', NOW())") or die(mysql_error());
                $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
                While ($row = mysql_fetch_assoc($message_id)) {
                    $mesid = $row['message_id'];
                }
                $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($main_id, $id, $confID, $mesid)") or die(mysql_error());
                echo "1";
            } else if (mysql_num_rows($check_if_author) == 0) {
                $add_to_conference = mysql_query("INSERT INTO member_privileges (member_id, privileges_id, conference_id)
                        VALUES ($id, 3, $confID)") or die(mysql_error());
                $add_to_coauthors = mysql_query("INSERT INTO co_authors (paper_id, author_email)
                            VALUES ($paper_id, '$email')
                           ") or die(mysql_error());
                $message = 'You have been added as co author to paper, check My Conferences in the menu for more information';
                mysql_query("INSERT INTO messages (message, subject, date_sent) VALUES ('$message',
                            'You have been added as Co author', NOW())") or die(mysql_error());
                $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
                While ($row = mysql_fetch_assoc($message_id)) {
                    $mesid = $row['message_id'];
                }
                $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($main_id, $id, $confID, $mesid)") or die(mysql_error());
                echo '1';
            } else {
                echo $lang['message_2'];
            }
        } else {
            $password1 = createRandomPassword();
            $password=sHashNewPassword($email,$password1);
            $add_member = mysql_query("INSERT INTO member (email, password, first_name, last_name, activated)
                    VALUES ('$email', '$password', '$Fname', '$Lname', 1)") or die(mysql_error());
            if ($add_member) {
                $mem_id = get_memberID($email);
            }
            $add_to_conference = mysql_query("INSERT INTO member_privileges (member_id, privileges_id, conference_id)
                        VALUES ($mem_id, 3, $confID)") or die(mysql_error());
            $add_to_coauthors = mysql_query("INSERT INTO co_authors (paper_id, author_email)
                            VALUES ($paper_id, '$email')
                           ") or die(mysql_error());
            $confname = get_conference_name($confID);
            $to = $email;
            $subject = "Paper Co-author invitation";
            $message = "You have been added as paper co-author in conference {$confname}
            to access you account please visit: {$_SERVER['SERVER_NAME']}/confo
            login infromation:
            Email: {$email}
            Passowrd: {$password1}";
            $from = "ConfO System";
            $invitation = mail($to, $subject, $message, $from) or die("no mail server");
            echo '1';
        }
    }
} else {
    echo $lang['message_3'];
}
?>